Version of this course: 2.0
The version of this training course has been superseded by the new version 3.0. The material in this version is only available for previous students to study and review purposes only. The lab exercise and final evaluation has been intentionally removed.
You Will Be Able to:
- Identify and document the scope of IACSs under evaluation and under consideration
- Specify, gather, or generate the cybersecurity information necessary to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the product or system under consideration
- Organize and facilitate a cybersecurity risk assessment for an integrated system
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing company policies, procedures and standards
- Establish and document safety zones and conduits
- Prepare documentation of the results of the evaluation.
You Will Cover:
- Preparing for an Assessment
- Cybersecurity Vulnerability Assessment
- Conducting Vulnerability Assessments
- Cyber Risk Assessments
- Conducting Cyber Risk Assessments
- Documentation and Reporting
- And more…
Classroom/Laboratory Demo:
- Critiquing system architecture diagrams
- Asset inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Using Vulnerability Scanning Tools
- Perform a high-level risk assessment
- Creating a zone & conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
Who Should Attend:
- Control systems engineers and managers
- System Integrators
- IT engineers and managers of industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
Recommended Pre-Requisite:
ISA Course IC32 or equivalent knowledge/experience.
The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.
While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.